What would be the authorization workflow for multiple applications with the same authentication web API?

I have two applications, one written in VB.Net using Asp.Net Web Forms (app1). The second is in C# using Asp.Net Core MVC (app2). I want to create a web API that authenticates a user trying to access either app and shares that authorization token between the apps. If the user goes from app1 to app2, the JWT token will be deemed valid and that user will effectively be logged on. If the same user signs out at any point, it removes the JWT token and will require a login again.

I have built a web API that runs with Identity and Entity Framework; it already creates JWT tokens if you have an account in Identity and successfully performs authorization in itself. I am struggling with getting app2 to accept that JWT and somehow dissect it to see what roles the user has in app2. Here is my current Startup.cs page with how I've wired the JwtBearer:

    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.AspNetCore.Builder;
    using Microsoft.AspNetCore.Hosting;
    using Microsoft.Extensions.Configuration;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Hosting;
    using Microsoft.IdentityModel.Tokens;

    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            // The "AuthenticationManager" section holds the authentication API's address and the
            // Base64Url-encoded symmetric secret that the API signs its JWTs with.
            var authManager = Configuration.GetSection("AuthenticationManager");
            // Base64UrlEncoder (Microsoft.IdentityModel.Tokens) is the ASP.NET Core equivalent of the
            // OWIN-era TextEncodings.Base64Url, which is not available here.
            var key = Base64UrlEncoder.DecodeBytes(authManager.GetSection("AudienceSecret").Value);
            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                    .AddJwtBearer(options =>
                    {
                        options.RequireHttpsMetadata = false; // allows an http:// authority; development only
                        options.Authority = authManager.GetSection("Address").Value;
                        options.Audience = "my secret audience"; // must match the "aud" claim the API issues
                        options.TokenValidationParameters = new TokenValidationParameters
                        {
                            // Verify the HMAC signature against the shared symmetric key.
                            ValidateIssuerSigningKey = true,
                            IssuerSigningKey = new SymmetricSecurityKey(key),
                            ValidateIssuer = false
                        };
                    });
            services.AddControllersWithViews();
            services.AddMvc();
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }

            app.UseHttpsRedirection();
            app.UseStaticFiles();

            app.UseRouting();
            // UseAuthentication must run before UseAuthorization so the JWT is turned into a
            // ClaimsPrincipal before [Authorize] evaluates it.
            app.UseAuthentication();
            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }

Is there a smart way to redirect for login and have app2's controller actions have my [Authorize] attribute just look at the JWT from the API? Thanks!
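The part of the question about "dissecting" the JWT in app2 comes down to what the JwtBearer handler does with the token on every request: verify the signature with the shared key, check audience and lifetime, then build a ClaimsPrincipal whose role claims feed [Authorize(Roles = "...")]. The following is an added, stand-alone example (not code from the question or from the answer) that mints a token with role claims the way an Identity-backed API might, then validates it with the same TokenValidationParameters shape app2 would use, and shows that a token signed with a different key is rejected. The issuer URL, audience string, user name and roles are assumed placeholder values; it needs the System.IdentityModel.Tokens.Jwt package.

```csharp
// Added example: issue and validate a shared JWT with role claims.
// Not the question's code; all names and values below are assumptions for the demo.
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class SharedJwtDemo
{
    // Placeholder issuer and audience; in a deployment both come from configuration and
    // must be identical in the authentication API and in every app that accepts its tokens.
    const string Issuer = "https://auth.example.test";
    const string Audience = "my secret audience";

    // The API's "AudienceSecret" is Base64Url text; decode it into the symmetric key.
    static SymmetricSecurityKey Key(string base64UrlSecret) =>
        new SymmetricSecurityKey(Base64UrlEncoder.DecodeBytes(base64UrlSecret));

    // What the authentication API does after a successful Identity login: put the
    // user's roles into the token as role claims and sign it with the shared key.
    public static string Issue(string secret, string userName, IEnumerable<string> roles, TimeSpan lifetime)
    {
        var claims = new List<Claim> { new Claim(JwtRegisteredClaimNames.Sub, userName) };
        claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
        var token = new JwtSecurityToken(
            issuer: Issuer,
            audience: Audience,
            claims: claims,
            notBefore: DateTime.UtcNow,
            expires: DateTime.UtcNow.Add(lifetime),
            signingCredentials: new SigningCredentials(Key(secret), SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // The same parameters app2 would assign to options.TokenValidationParameters.
    // RoleClaimType tells [Authorize(Roles = "...")] which claim carries the roles.
    public static TokenValidationParameters ValidationParameters(string secret) => new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = Key(secret),
        ValidateIssuer = true,
        ValidIssuer = Issuer,
        ValidateAudience = true,
        ValidAudience = Audience,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.FromMinutes(1),
        RoleClaimType = ClaimTypes.Role,
        NameClaimType = JwtRegisteredClaimNames.Sub
    };

    // Validate the token exactly as the JwtBearer handler does and read the roles back out
    // of the resulting ClaimsPrincipal. Throws SecurityTokenException on any failure.
    public static IReadOnlyList<string> RolesFrom(string secret, string jwt)
    {
        var principal = new JwtSecurityTokenHandler()
            .ValidateToken(jwt, ValidationParameters(secret), out _);
        return principal.FindAll(ClaimTypes.Role).Select(c => c.Value).ToList();
    }

    public static void Main()
    {
        // Constructed secret for the demo: 32 random bytes, Base64Url-encoded, which is the
        // form the "AudienceSecret" configuration value is expected to take.
        var secret = Base64UrlEncoder.Encode(RandomNumberGenerator.GetBytes(32));

        var jwt = Issue(secret, "alice", new[] { "Admin", "Reports" }, TimeSpan.FromMinutes(30));
        Console.WriteLine("roles for alice: " + string.Join(", ", RolesFrom(secret, jwt)));

        // A token presented to an app configured with a different key fails signature
        // validation; this is what keeps app2 from trusting tokens it did not share a key for.
        var otherSecret = Base64UrlEncoder.Encode(RandomNumberGenerator.GetBytes(32));
        try
        {
            RolesFrom(otherSecret, jwt);
            Console.WriteLine("unexpected: token accepted with the wrong key");
        }
        catch (SecurityTokenException ex)
        {
            Console.WriteLine("wrong key rejected: " + ex.GetType().Name);
        }
    }
}
```

Two points this makes concrete for the setup in the question. First, ValidateAudience and ValidateLifetime are on in this example where the question's configuration only validates the signing key; with a symmetric key shared between several apps, a token minted for one audience is otherwise accepted by every app that holds the key. Second, a JWT is self-contained, so "signing out" by deleting the token on the client does not invalidate it anywhere else: if sign-out in app1 must also end the session in app2, the API needs short token lifetimes with refresh, or a server-side revocation check, rather than relying on the token disappearing.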

You may want to consider something like IdentityServer for this. It can handle these sorts of scenarios out of the box -- it's a pretty well-proven .Net solution with extensive documentation and sample code. https://identityserver.io/
